Oracle released its quarterly Critical Patch Update (CPU) for July addressing 276 vulnerabilities across multiple products.
This month’s Oracle CPU contains a record number of fixes on top of the previous monthly record holder of 248 this past January.
The biggest issue is of the 276 vulnerabilities, 159 can end up exploited remotely without authentication.
Overall, the July CPU addresses 36 security issues in applications designed specifically for the Retail, Insurance, Health, Financial, and Utility industries.
A total of 121 vulnerabilities ended up addressed in crucial business applications from Oracle, namely E-Business Suite, Fusion Middleware, PeopleSoft, Retail Applications, Oracle JD Edwards, Supply Chain Products, and Database Server.
Of the 121 flaws, 71 percent can end up exploited remotely without authentication.
Fusion Middleware is the most affected Oracle product, with 39 resolved vulnerabilities, 35 of which can end up exploited remotely without authentication. Next in line is the Oracle Sun Systems Products Suite with 34 bugs, 21 of which can end up exploited without authentication. Supply Chain with 27 vulnerabilities, E-Business Suite with 23, and MySQL with 22 flaws are also in the top five affected products.
The most critical updates are for Java SE, where 9 out of the 13 addressed issues can end up compromised remotely over the network.
These critical bugs have high-severity CVSS Scores between 7.0 and 10.0, and some of them are vulnerabilities in the HotSpot JVM internals, meaning customers need to apply the Java CPU patches as soon as possible.
The full details on the addressed vulnerabilities are available in Oracle’s security advisory.